Superset API client to create custom roles

[shaidar]

Description/Context

Programmatically create custom Superset role definitions that we can use in conjunction with Moira groups to assign permissions to internal groups accessing the Superset UI.

Plan/Design

Using the following standard roles, create a few custom role definitions that some of our internal clients need for Superset UI access. Then, write a basic script to test out a forked Superset API client to create those new role definitions on our instance of Superset.

[shaidar]

Worked on the following:

• Refactored to allow the use of a token (obtained from Keycloak) to call the API instead of using a username and password as that doesn't work given our current config.
• Fixed ValueError: mutable default <enum 'FilterExpressionType'> for field expressionType is not allowed: use default_factory in different parts of the codebase.
• Fixed TypeError: Field.init() missing 1 required positional argument: 'kw_only'
• Tweaked superset_config.py to match the already created Superset Keycloak account to the preferred_username found in the JWT token and is tied to Keycloak's ol-superset-client

[shaidar]

This describes the issue we're trying to solve:
https://stackoverflow.com/questions/75415300/flask-appbuilder-accept-jwt-bearer-token-for-service-account

[shaidar]

Making a POST request to /api/v1/security/login and passing in username, password, and provider as data, results in a 401 error when trying db as provider. Trying anything else for provider apart from ldap or db throws an error that only those two providers are valid

[shaidar]

For now, we are going to test out defining roles in a json file and using the superset fab cli to load those as part of the superset-init container. This is similar to what is being done here.
On another note, came across the following proposal which meant eventually lead to better role definitions and permission handling: apache/superset#28377